The Heartbleed bug, a newly discovered security vulnerability that puts users’ passwords at many popular Web sites at risk, has upended the Web since it was disclosed earlier this week. It’s an extremely serious issue, and as such, there’s a lot of confusion about the bug and its implications as you use the Internet.

Heartbleed is a software bug in the open-source cryptography library OpenSSL. At its public disclosure, on April 7, 2014, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to have been vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.